Recommendation 16

The NAO report highlights that best practice relationships between a sponsor department and an ALB include the sharing of performance information and risk-based data which is discussed on a regular basis.33 The Ministry of Justice told us that one of the main reasons it does not have all the data it needs to effectively oversee its ALBs is the continued use of legacy IT systems. Aging IT means departments cannot always capture the data they need in the right way and different systems cannot talk to each other. This makes it difficult to identify ‘one version of the truth’ as there are inconsistencies in data from different systems. The Department for Environment, Food and Rural Affairs (DEFRA) agreed with this and told us that legacy IT was a significant barrier to getting the 27 Committee of Public Accounts, Department’s oversight of arm’s-length bodies, Twenty-first Report of Session 2016–17, HC 488, 21 October 2016 28 Qq 59- 60, C&AG’s report, para 18 29 Q 4, C&AG’s report, Figure 9 30 Qq 77–78, C&AG’s report, paras 18, 3.9 31 Q 27 32 C&AG’s report, para 3.9 33 C&AG’s report, Figure 9 Government’s delivery through arm’s-length bodies 13 data it needs to oversee its ALBs.34 Legacy IT also makes an organisation more vulnerable to cyber-attacks. DEFRA told us that one of the biggest risks it faces as an organisation is the impact that aging IT infrastructure has on its resilience.35